Cloud Email Security

8 Steps for Recovering from a BEC Attack

Posted by

You may think business email compromise (BEC), also known as email fraud and email account compromise (EAC), is a fairly new threat. However, the FBI has been tracking BEC attacks since 2013. As a form of phishing, a BEC attack occurs most frequently when a hacker compromises legitimate business email accounts to facilitate fraudulent and illegal activity, such as requesting a wire transfer or employee W-2 forms. Unlike most types of phishing, BEC scams often don’t involve viruses or malicious links and attachments (though some may); usually, they’re simply an email from what appears to be a trusted individual requesting money or information.

While many BEC attacks target lower-level employees with access to sensitive information while posing as a top executive to get what they want, the fact is BEC attacks don’t discriminate. To protect your company, BEC phishing needs to be understood by everyone — even those sitting in the C-suite — because just a single attack can deliver a crippling financial blow to any organization. In fact, recent trends related to fraudulent wire transfers and unauthorized disclosures of employee data show that total global losses is nearly $13 billion (up from about $5 billion just three short years ago). These numbers prove that cybercriminals have embraced BEC phishing as one of the top ways to commit fraud.

8 Phishing Prevention Steps to Take Following a BEC Attack

What can organizations do to combat this growing threat? These eight tips may help you mitigate damage in the event of disaster.

1. Contact the Authorities.

The first thing to do if you or your organization is the victim of a BEC attack is to alert the FBI (this is especially critical to aid in financial recovery if the attack involved the transfer of funds). You can file a complaint with the Internet Crime Complaint Center of the FBI at

2. Scan Devices.

Next, run tests on the victim’s devices to detect malware. Unlike other types of cyber threats, BEC phishing doesn’t always involve malware—so you may not uncover anything. However, it is better to be safe than sorry. If malware is discovered or files have been corrupted, you may want to consider completely reimaging the victim’s device (removing and then reinstalling all software, starting with the operating system).

3. Check for Spread.

Employees don’t work in a vacuum, and there’s a good chance they may have compromised someone else’s device. Start by looking at the victim’s sent email folder to determine who else they may inadvertently affected, but don’t rely only on this folder. It’s also important to look at the server side of things to determine with certainty who they’ve emailed and potentially compromised.

4. Stop the Spread.

Once you’ve determined who else the victim emailed, you’ll want to follow similar safety and quarantine procedures for all recipients.

5. Analyze the Threat.

Where did the BEC attack originate? Again, when there is no malware present, there may be very little forensic evidence left behind, but a well-trained team of IT experts may be able to uncover something. Even if nothing is found, analysis is important in order to determine why the victim fell for the scam in order to properly train others.

6. Educate Your Employees.

If they’re not already in place, now is the time to implement cybersecurity awareness training programs. These should be ongoing to keep BEC phishing top-of-mind (while keeping employees current on the latest threats and enforcing good habits). It’s important that everyone is required to attend these sessions no matter how far up the ladder they reside.

7. Develop Security Solutions.

If not already in place, it’s important to implement email and security solutions to reduce the likelihood of a future attack. This may include the creation and roll-out of computer use policies, adoption of multi-factor authentication (MFA), email password protocols, and other security measures.

8. Use an Anti-Phishing Solution.

Despite your best efforts, you may not be able to prevent a future BEC attack on your own. After all, the average email user receives 67 spam emails per month, many of which are probably phishing attempts. Even if you have just 10 employees, that’s 670 opportunities for hackers to be successful every month. So, it’s in your best interest to partner with an active defense phishing solution provider.

Choosing a Reliable Anti-Phishing Software Provider

A quality anti-phishing service can be your best friend when it comes to BEC phishing prevention. Clearedin phishing software works in the background, assessing emails to determine whether they pose a threat. The platform does more than that, however.

Clearedin also analyzes company communication over multiple platforms, such as the popular communication channel Slack, using artificial intelligence and machine learning to develop a model of your organization’s communications network. As new messages come in, ClearedIn validates each one against a social trust graph based on the flow and frequency of past communications. Clearedin phishing prevention also checks embedded links and analyzes email addresses for spoofing attempts.

To learn more about how you can protect your organization from the growing threat of BEC attacks and phishing, contact the Clearedin team today.

Related Posts

Get Clearedin

Stop targeted attacks on email, Slack, Zoom, and Box with Clearedin’s active defense technology.
Let us show you